Welcome to the new era of cybersecurity, where every natural language input is a potential attack vector. The recent report of the GitLost vulnerability by Cyberfeed is a wake-up call for the industry: prompt injection is the new SQL injection. But if you look closer, this wasn't just an AI problem—it was a fundamental Identity and Access Management (IAM) failure. Here is exactly how the attack happened, why the current landscape of "shadow agents" makes your organization highly vulnerable, and how you can prevent it.
The devil is in the details: How GitLost worked
GitHub recently launched Agentic Workflows, pairing standard automations with AI models (like Claude or Copilot) that can read issues, trigger tools, and execute tasks autonomously. To exploit this, researchers created a benign-looking GitHub Issue in a public repository. Embedded in the text was an indirect prompt injection—malicious instructions hidden in plain English, disguised as a genuine user query.
.png)
As shown in the image above, after two normal interactions, the attacker asked the agent to fetch the readme.md of a highly restricted private repository (testlocal). By using the word "Additionally," they tricked the model into treating the malicious request as a natural follow-up. The agent's guardrails failed to reframe the output. It dutifully read the private repository and posted the contents as a public comment on the open issue.
The attacker didn’t write a single line of malicious code. They didn’t steal an API key. They just spoke English through a browser. But the exploit was only possible because of a critical, underlying flaw: the AI agent was over-privileged. It was granted cross-repository read access to private environments it had absolutely no business touching for that specific workflow.
The governance vacuum and the rise of "Shadow Agents"
Although organizations rely on frameworks like the OWASP Top 10 to secure applications, you cannot mitigate a risk you cannot see. When an agent's context window becomes your attack surface, traditional trust boundaries evaporate. According to the 2026 Microsoft Cyber Pulse report, while over 80% of Fortune 500 companies have deployed autonomous AI agents, their security infrastructure has failed to keep pace. Enterprise data exposes a massive, dangerous visibility gap:
- 79% of organizations completely lack visibility into what their AI agents are actively doing on corporate networks.
- The Shadow Agent Crisis: Over 82% of enterprises have discovered "shadow agents" operating inside internal networks without IT approval or mature IAM governance frameworks.
- The Ownership Blindspot: While 85% of IT teams claim AI agents are under control, only 42% can actually name the human owner of a specific agent.
Most attacks on AI systems succeed because an agent was granted unnecessary access to a resource that no one tracked, governed, or monitored until the breach occurred.
Securing non-human identities (NHIs) with Unosecur
GitLost proves that you cannot rely solely on prompt engineering or AI guardrails to secure your data. AI models are inherently designed to follow instructions, making them fundamentally susceptible to manipulation. The definitive defense is strict, programmatic access control. This is an IAM governance problem—and it is exactly what Unosecur solves.
Unosecur enables security teams to regain visibility and control over their automated ecosystem by treating AI agents as what they truly are: Non-Human Identities (NHIs). To prevent incidents like GitLost, organizations must adopt a Zero Trust architecture for their AI workflows.
With Unosecur's Unified Identity Fabric, you can:
- Discover and Track: Eliminate shadow agents by gaining 100% real-time runtime visibility into every non-human identity operating across your multi-cloud environment.
- Enforce Least Privilege: Restrict AI agents to the exact permissions they need for a specific task. An agent operating in a public repo should never hold credentials capable of reading your private infrastructure.
- Implement Robust RBAC & ABAC: Build mature Role-Based Access Control (RBAC) and Activity-Based Access Control (ABAC) governance frameworks specifically tailored for autonomous agents, ensuring their permissions are continuously monitored, verified, and scoped.
See every AI agent, and every non-human identity, in one place. Explore our platform at unosecur.com to govern your automated workflows and unify your identity stack.






